Описание
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-24700
- https://www.open-xchange.com
- http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html
- http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2021/Jul/33
Связанные уязвимости
CVSS3: 5.4
nvd
около 5 лет назад
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.